Lines Matching refs:CE
36 void checkPostStmt(const CallExpr *CE, CheckerContext &C) const;
38 void checkPreStmt(const CallExpr *CE, CheckerContext &C) const;
53 bool checkPre(const CallExpr *CE, CheckerContext &C) const;
56 void addSourcesPre(const CallExpr *CE, CheckerContext &C) const;
59 bool propagateFromPre(const CallExpr *CE, CheckerContext &C) const;
62 void addSourcesPost(const CallExpr *CE, CheckerContext &C) const;
75 ProgramStateRef postScanf(const CallExpr *CE, CheckerContext &C) const;
76 ProgramStateRef postSocket(const CallExpr *CE, CheckerContext &C) const;
77 ProgramStateRef postRetTaint(const CallExpr *CE, CheckerContext &C) const;
80 ProgramStateRef preFscanf(const CallExpr *CE, CheckerContext &C) const;
84 bool checkUncontrolledFormatString(const CallExpr *CE,
91 bool checkSystemCall(const CallExpr *CE, StringRef Name,
97 bool checkTaintedBufferSize(const CallExpr *CE, const FunctionDecl *FDecl,
168 ProgramStateRef process(const CallExpr *CE, CheckerContext &C) const;
275 void GenericTaintChecker::checkPreStmt(const CallExpr *CE, in checkPreStmt() argument
278 if (checkPre(CE, C)) in checkPreStmt()
282 addSourcesPre(CE, C); in checkPreStmt()
285 void GenericTaintChecker::checkPostStmt(const CallExpr *CE, in checkPostStmt() argument
287 if (propagateFromPre(CE, C)) in checkPostStmt()
289 addSourcesPost(CE, C); in checkPostStmt()
292 void GenericTaintChecker::addSourcesPre(const CallExpr *CE, in addSourcesPre() argument
295 const FunctionDecl *FDecl = C.getCalleeDecl(CE); in addSourcesPre()
307 State = Rule.process(CE, C); in addSourcesPre()
320 State = (this->*evalFunction)(CE, C); in addSourcesPre()
327 bool GenericTaintChecker::propagateFromPre(const CallExpr *CE, in propagateFromPre() argument
344 State = State->addTaint(CE, C.getLocationContext()); in propagateFromPre()
350 if (CE->getNumArgs() < (ArgNum + 1)) in propagateFromPre()
352 const Expr* Arg = CE->getArg(ArgNum); in propagateFromPre()
368 void GenericTaintChecker::addSourcesPost(const CallExpr *CE, in addSourcesPost() argument
372 const FunctionDecl *FDecl = C.getCalleeDecl(CE); in addSourcesPost()
397 State = (this->*evalFunction)(CE, C); in addSourcesPost()
404 bool GenericTaintChecker::checkPre(const CallExpr *CE, CheckerContext &C) const{ in checkPre() argument
406 if (checkUncontrolledFormatString(CE, C)) in checkPre()
409 const FunctionDecl *FDecl = C.getCalleeDecl(CE); in checkPre()
417 if (checkSystemCall(CE, Name, C)) in checkPre()
420 if (checkTaintedBufferSize(CE, FDecl, C)) in checkPre()
445 GenericTaintChecker::TaintPropagationRule::process(const CallExpr *CE, in process() argument
458 for (unsigned int i = 0; i < CE->getNumArgs(); ++i) { in process()
461 if ((IsTainted = isTaintedOrPointsToTainted(CE->getArg(i), State, C))) in process()
467 if (CE->getNumArgs() < (ArgNum + 1)) in process()
469 if ((IsTainted = isTaintedOrPointsToTainted(CE->getArg(ArgNum), State, C))) in process()
486 for (unsigned int i = 0; i < CE->getNumArgs(); ++i) { in process()
487 const Expr *Arg = CE->getArg(i); in process()
505 assert(ArgNum < CE->getNumArgs()); in process()
515 ProgramStateRef GenericTaintChecker::preFscanf(const CallExpr *CE, in preFscanf() argument
517 assert(CE->getNumArgs() >= 2); in preFscanf()
521 if (State->isTainted(CE->getArg(0), C.getLocationContext()) || in preFscanf()
522 isStdin(CE->getArg(0), C)) { in preFscanf()
524 for (unsigned int i = 2; i < CE->getNumArgs(); ++i) in preFscanf()
534 ProgramStateRef GenericTaintChecker::postSocket(const CallExpr *CE, in postSocket() argument
537 if (CE->getNumArgs() < 3) in postSocket()
540 SourceLocation DomLoc = CE->getArg(0)->getExprLoc(); in postSocket()
546 State = State->addTaint(CE, C.getLocationContext()); in postSocket()
550 ProgramStateRef GenericTaintChecker::postScanf(const CallExpr *CE, in postScanf() argument
553 if (CE->getNumArgs() < 2) in postScanf()
557 for (unsigned int i = 1; i < CE->getNumArgs(); ++i) { in postScanf()
560 const Expr* Arg = CE->getArg(i); in postScanf()
568 ProgramStateRef GenericTaintChecker::postRetTaint(const CallExpr *CE, in postRetTaint() argument
570 return C.getState()->addTaint(CE, C.getLocationContext()); in postRetTaint()
606 static bool getPrintfFormatArgumentNum(const CallExpr *CE, in getPrintfFormatArgumentNum() argument
612 const FunctionDecl *FDecl = C.getCalleeDecl(CE); in getPrintfFormatArgumentNum()
618 CE->getNumArgs() > ArgNum) in getPrintfFormatArgumentNum()
623 if (C.getCalleeName(CE).find("setproctitle") != StringRef::npos) { in getPrintfFormatArgumentNum()
653 bool GenericTaintChecker::checkUncontrolledFormatString(const CallExpr *CE, in checkUncontrolledFormatString() argument
657 if (!getPrintfFormatArgumentNum(CE, C, ArgNum)) in checkUncontrolledFormatString()
661 return generateReportIfTainted(CE->getArg(ArgNum), in checkUncontrolledFormatString()
665 bool GenericTaintChecker::checkSystemCall(const CallExpr *CE, in checkSystemCall() argument
684 if (ArgNum == UINT_MAX || CE->getNumArgs() < (ArgNum + 1)) in checkSystemCall()
687 return generateReportIfTainted(CE->getArg(ArgNum), MsgSanitizeSystemArgs, C); in checkSystemCall()
692 bool GenericTaintChecker::checkTaintedBufferSize(const CallExpr *CE, in checkTaintedBufferSize() argument
725 return ArgNum != InvalidArgIndex && CE->getNumArgs() > ArgNum && in checkTaintedBufferSize()
726 generateReportIfTainted(CE->getArg(ArgNum), MsgTaintedBufferSize, C); in checkTaintedBufferSize()